WRT600N tracert exploit with stock Linksys firmware

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, ... 19, 20, 21  Next
Author Message
Transient
DD-WRT User


Joined: 16 Jun 2006
Posts: 91

PostPosted: Sat Apr 19, 2008 18:53    Post subject: Reply with quote
BTW, I did a ls of /sbin and we definately have write!

Code:
autobridge.sh
erase
fdisk
fw_crc
getty
halt
hotdiskadd
hotdiskremove
hotplug
ifconfig
init
insmod
klogd
logread
lsmod
mkdosfs
mkfs.msdos
mkfs.vfat
modprobe
poweroff
rc
reboot
rmmod
route
stats
subwan_up.sh
sulogin
sysctl
syslogd
tmpgroupadd
tmpgroupdel
tmpuseradd
tmpuseraddgroup
tmpuserdel
tmpuserdelgroup
tmpusersetgroup
udhcpc.sh
vconfig
wanup.sh
write
Sponsor
xanderx
DD-WRT Novice


Joined: 19 Apr 2008
Posts: 28

PostPosted: Sat Apr 19, 2008 18:58    Post subject: Reply with quote
jmh9072 wrote:
xanderx wrote:
jmh9072 wrote:
xanderx wrote:
jmh9072 wrote:
So maybe the reason they won't flash is that it doesn't have mtd. I guess you could wget mtd from a somewhere and then chmod +x on it. Then it might work. I'll upload mtd to my server when I get a chance.

EDIT: Does it have the 'write' command? If so you could do it using that.


sorry i m not expert with linux, but if i have mouted my usb disk, wy i need to use wget ? why i can not copy the file(s) that i need from the usb disk ?

can you send to my email the program that you have talked (mtd)?

Thanks

I was speaking in general. You should be able to get it off the usb disk. Try this (make sure to replace [FIRMARE_FILENAME] with the name of the .bin you want to use):
Quote:
write /tmp/memstick/host0_part1/[FIRMWARE_FILENAME] linux


i can not solve :(

i have only 30 char for put the command and i can not write the full command

"|cd /tmp/ftproot/root|write w.b linux"

I can only write "|cd /tmp/ftproot/root|write w."

how can i solve ?

thanks

Type
"|cp /tmp/ftproot/root/w.b /tmp"
then
"|cd /tmp|write w.b linux"
That should work.


nothing to do Sad
xanderx
DD-WRT Novice


Joined: 19 Apr 2008
Posts: 28

PostPosted: Sat Apr 19, 2008 19:03    Post subject: Reply with quote
Transient wrote:
BTW, I did a ls of /sbin and we definately have write!

Code:
autobridge.sh
erase
fdisk
fw_crc
getty
halt
hotdiskadd
hotdiskremove
hotplug
ifconfig
init
insmod
klogd
logread
lsmod
mkdosfs
mkfs.msdos
mkfs.vfat
modprobe
poweroff
rc
reboot
rmmod
route
stats
subwan_up.sh
sulogin
sysctl
syslogd
tmpgroupadd
tmpgroupdel
tmpuseradd
tmpuseraddgroup
tmpuserdel
tmpuserdelgroup
tmpusersetgroup
udhcpc.sh
vconfig
wanup.sh
write


yes sure but how to copy the files into the flash :(

lrwxrwxrwx 1 0 0 2 Jan 16 14:01 autobridge.sh -> rc
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 erase -> rc
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 fdisk -> ../bin/busybox
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 fw_crc -> rc
lrwxrwxrwx 1 0 0 16 Jan 16 14:01 getty -> ../bin/tinylogin
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 halt -> ../bin/busybox
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 hotdiskadd -> rc
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 hotdiskremove -> rc
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 hotplug -> rc
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 ifconfig -> ../bin/busybox
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 init -> rc
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 insmod -> ../bin/busybox
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 klogd -> ../bin/busybox
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 logread -> ../bin/busybox
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 lsmod -> ../bin/busybox
-rwxr-xr-x 1 0 0 56696 Jan 16 14:01 mkdosfs
lrwxrwxrwx 1 0 0 7 Jan 16 14:01 mkfs.msdos -> mkdosfs
lrwxrwxrwx 1 0 0 7 Jan 16 14:01 mkfs.vfat -> mkdosfs
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 modprobe -> ../bin/busybox
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 poweroff -> ../bin/busybox
-rwxr-xr-x 1 0 0 188936 Jan 16 14:01 rc
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 reboot -> ../bin/busybox
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 rmmod -> ../bin/busybox
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 route -> ../bin/busybox
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 stats -> rc
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 subwan_up.sh -> rc
lrwxrwxrwx 1 0 0 16 Jan 16 14:01 sulogin -> ../bin/tinylogin
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 sysctl -> ../bin/busybox
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 syslogd -> ../bin/busybox
-rwxr-xr-x 1 0 0 10036 Jan 16 14:01 tmpgroupadd
-rwxr-xr-x 1 0 0 5844 Jan 16 14:01 tmpgroupdel
-rwxr-xr-x 1 0 0 10052 Jan 16 14:01 tmpuseradd
-rwxr-xr-x 1 0 0 5844 Jan 16 14:01 tmpuseraddgroup
-rwxr-xr-x 1 0 0 5860 Jan 16 14:01 tmpuserdel
-rwxr-xr-x 1 0 0 5844 Jan 16 14:01 tmpuserdelgroup
-rwxr-xr-x 1 0 0 5860 Jan 16 14:01 tmpusersetgroup
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 udhcpc.sh -> rc
lrwxrwxrwx 1 0 0 14 Jan 16 14:01 vconfig -> ../bin/busybox
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 wanup.sh -> rc
lrwxrwxrwx 1 0 0 2 Jan 16 14:01 write -> rc
xanderx
DD-WRT Novice


Joined: 19 Apr 2008
Posts: 28

PostPosted: Sat Apr 19, 2008 19:07    Post subject: Reply with quote
Transient wrote:
Okay, currently the textbox is limited to 30 characters. We can expand it using this code:

Code:
javascript:document.getElementById('Traceroute').maxLength=1000;void(0);


It works the same way as the code above -- either put it in the address bar and press Enter or add it to a button on your Links bar.

Run that code and your box will now allow 1000 characters.


nice Smile i have expanded the text box

so do you think that i can try
"|cd /tmp/ftproot/root|write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux"

?
Transient
DD-WRT User


Joined: 16 Jun 2006
Posts: 91

PostPosted: Sat Apr 19, 2008 19:19    Post subject: Reply with quote
xanderx wrote:
Transient wrote:
Okay, currently the textbox is limited to 30 characters. We can expand it using this code:

Code:
javascript:document.getElementById('Traceroute').maxLength=1000;void(0);


It works the same way as the code above -- either put it in the address bar and press Enter or add it to a button on your Links bar.

Run that code and your box will now allow 1000 characters.


nice Smile i have expanded the text box

so do you think that i can try
"|cd /tmp/ftproot/root|write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux"

?


Sure, but I think you should use ; instead of |.

Code:
cd /tmp/ftproot/root;write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux
xanderx
DD-WRT Novice


Joined: 19 Apr 2008
Posts: 28

PostPosted: Sat Apr 19, 2008 19:21    Post subject: Reply with quote
Transient wrote:
xanderx wrote:
Transient wrote:
Okay, currently the textbox is limited to 30 characters. We can expand it using this code:

Code:
javascript:document.getElementById('Traceroute').maxLength=1000;void(0);


It works the same way as the code above -- either put it in the address bar and press Enter or add it to a button on your Links bar.

Run that code and your box will now allow 1000 characters.


nice Smile i have expanded the text box

so do you think that i can try
"|cd /tmp/ftproot/root|write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux"

?


Sure, but I think you should use ; instead of |.

Code:
cd /tmp/ftproot/root;write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux


done.... i hope that it work ....
xanderx
DD-WRT Novice


Joined: 19 Apr 2008
Posts: 28

PostPosted: Sat Apr 19, 2008 19:40    Post subject: Reply with quote
xanderx wrote:
Transient wrote:
xanderx wrote:
Transient wrote:
Okay, currently the textbox is limited to 30 characters. We can expand it using this code:

Code:
javascript:document.getElementById('Traceroute').maxLength=1000;void(0);


It works the same way as the code above -- either put it in the address bar and press Enter or add it to a button on your Links bar.

Run that code and your box will now allow 1000 characters.


nice Smile i have expanded the text box

so do you think that i can try
"|cd /tmp/ftproot/root|write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux"

?


Sure, but I think you should use ; instead of |.

Code:
cd /tmp/ftproot/root;write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux


done.... i hope that it work ....



SOLVED!!!!!!!!!!


IT WORK now i have firmware version Firmware Version: 1.01.35 build 3 and i have tested the upgrade procedure and it work fine!!!

thanks to all!
Transient
DD-WRT User


Joined: 16 Jun 2006
Posts: 91

PostPosted: Sat Apr 19, 2008 19:43    Post subject: Reply with quote
xanderx wrote:
xanderx wrote:
Transient wrote:
xanderx wrote:
Transient wrote:
Okay, currently the textbox is limited to 30 characters. We can expand it using this code:

Code:
javascript:document.getElementById('Traceroute').maxLength=1000;void(0);


It works the same way as the code above -- either put it in the address bar and press Enter or add it to a button on your Links bar.

Run that code and your box will now allow 1000 characters.


nice Smile i have expanded the text box

so do you think that i can try
"|cd /tmp/ftproot/root|write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux"

?


Sure, but I think you should use ; instead of |.

Code:
cd /tmp/ftproot/root;write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux


done.... i hope that it work ....



SOLVED!!!!!!!!!!


IT WORK now i have firmware version Firmware Version: 1.01.35 build 3 and i have tested the upgrade procedure and it work fine!!!

thanks to all!


Awesome!! Thanks for testing and thank you jmh9072 for the write command! Smile
jmh9072
DD-WRT Guru


Joined: 04 Sep 2007
Posts: 800
Location: Ohio

PostPosted: Sat Apr 19, 2008 19:43    Post subject: Reply with quote
Transient wrote:
xanderx wrote:

so do you think that i can try
"|cd /tmp/ftproot/root|write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux"

?


Sure, but I think you should use ; instead of |.

Code:
cd /tmp/ftproot/root;write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux

Good call. I kept wondering why he was putting those |s in there, but I figured it was working, so I didn't say anything.

Transient wrote:
xanderx wrote:

SOLVED!!!!!!!!!!


IT WORK now i have firmware version Firmware Version: 1.01.35 build 3 and i have tested the upgrade procedure and it work fine!!!

thanks to all!


Awesome!! Thanks for testing and thank you jmh9072 for the write command! Smile

No problem. Very Happy This is great news!

_________________
WRT54G v3 - v24 r14471M NEWD Eko - AP
WRT350N v1.0
WRT600N v1.1 - halfway there!
Se7en is Darker...


Last edited by jmh9072 on Sat Apr 19, 2008 19:48; edited 2 times in total
xanderx
DD-WRT Novice


Joined: 19 Apr 2008
Posts: 28

PostPosted: Sat Apr 19, 2008 19:45    Post subject: Reply with quote
Transient wrote:
xanderx wrote:
xanderx wrote:
Transient wrote:
xanderx wrote:
Transient wrote:
Okay, currently the textbox is limited to 30 characters. We can expand it using this code:

Code:
javascript:document.getElementById('Traceroute').maxLength=1000;void(0);


It works the same way as the code above -- either put it in the address bar and press Enter or add it to a button on your Links bar.

Run that code and your box will now allow 1000 characters.


nice Smile i have expanded the text box

so do you think that i can try
"|cd /tmp/ftproot/root|write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux"

?


Sure, but I think you should use ; instead of |.

Code:
cd /tmp/ftproot/root;write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux


done.... i hope that it work ....



SOLVED!!!!!!!!!!


IT WORK now i have firmware version Firmware Version: 1.01.35 build 3 and i have tested the upgrade procedure and it work fine!!!

thanks to all!


Awesome!! Thanks for testing and thank you jmh9072 for the write command! Smile


yes good job, but we need a new firmware from linksys for solving link down problem :(


i hope they will solve early...
CryptoNews
DD-WRT Novice


Joined: 07 Jun 2006
Posts: 38

PostPosted: Sat Apr 19, 2008 22:27    Post subject: Great Reply with quote
Hi all,

xanderx: Can you create step by step guide to downgrade to build 3.

thanks in advance for yor test

regards
xanderx
DD-WRT Novice


Joined: 19 Apr 2008
Posts: 28

PostPosted: Sat Apr 19, 2008 22:29    Post subject: Re: Great Reply with quote
CryptoNews wrote:
Hi all,

xanderx: Can you create step by step guide to downgrade to build 3.

thanks in advance for yor test

regards


0) download the correct firmware from linksys site (build 3) and write it on usb disk connected to the router

1) Go to the "Diagnostics" menu

2) write on the browser bar the command "javascript:document.getElementById('Traceroute').maxLength=1000;void(0);"

3) write on the Traceroute Test text box "cd /tmp/ftproot/root;write WRT600N_v1.01.35_build_3_11272007_FCC.bin linux"

4) write on the browser bar the command "javascript:function ValidateForm1(passForm){res=1;if (document.forms[0].Traceroute.value == "") {res=0;alert(translate_str("Diagnostics",9));document.forms[0].Traceroute.focus();return false;}if (res == 1){document.forms[0].Traceroute.value = '192.168.1.1;'+document.forms[0].Traceroute.value+' ';passForm.tracertstr.value = document.forms[0].Traceroute.value;setTimeout("self.open('Tracert.htm','Tracert','resizable=0,scrollbars=yes,width=800,height=480').focus();",1000);passForm.submit();}};ValidateForm1(document.forms[1]);"

5) wait 5 minutes and reboot the router


Done Smile
crazycracker
DD-WRT Novice


Joined: 04 Jul 2006
Posts: 49

PostPosted: Sun Apr 20, 2008 0:16    Post subject: Reply with quote
i had this shit done yesterday but im still having trouble with the ethernet ports on this fucker dmesg sees the stupid things and ifconfig im gonna shot this thing soon if it doesnt start working right
xanderx
DD-WRT Novice


Joined: 19 Apr 2008
Posts: 28

PostPosted: Sun Apr 20, 2008 6:50    Post subject: Reply with quote
crazycracker wrote:
i had this shit done yesterday but im still having trouble with the ethernet ports on this fucker dmesg sees the stupid things and ifconfig im gonna shot this thing soon if it doesnt start working right



can you describe your problem exactly, I have tested the router after the downgrade, both wire and wireless, and I haven't found any problem... wireless now work without any link lost...
Transient
DD-WRT User


Joined: 16 Jun 2006
Posts: 91

PostPosted: Sun Apr 20, 2008 7:41    Post subject: Reply with quote
crazycracker wrote:
i had this shit done yesterday but im still having trouble with the ethernet ports on this fucker dmesg sees the stupid things and ifconfig im gonna shot this thing soon if it doesnt start working right


Can we keep this thread on-topic please? If you're having a problem with your router, please start your own thread.

This thread is for those with "build 5" firmware that want to downgrade to "build 3".
Goto page Previous  1, 2, 3, ... 19, 20, 21  Next Display posts from previous:    Page 2 of 21
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum